
root / manifests / rules / dnat4.pp @ 11bf7237


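# @summary Manage an IPv4 DNAT rule and the matching forward accept rule.
#
# Declares two nftables::rule resources that share $ensure and $order:
#   * "${chain}-${rulename}" accepts traffic to $daddr on the translated port.
#   * "PREROUTING-${rulename}" in table 'ip-nat' rewrites the destination
#     to $daddr (and to $dport when one is given).
#
# NOTE(review): $port, $dport (String alternative), $iif and $chain are not
# restricted to a pattern and are interpolated verbatim into the rule text or
# resource title. Values should come from trusted data or be constrained by
# the caller; narrowing these types here would change the interface.
#
# @param daddr
#   IPv4 address the traffic is translated to; also matched as `ip daddr`
#   in the accept rule.
# @param port
#   Port matched by `dport` in the PREROUTING rule. Also used in the accept
#   rule when $dport is empty.
# @param rulename
#   Suffix of both rule resource titles. Defaults to the resource title.
# @param order
#   Two-digit string passed as `order` to both rules.
# @param chain
#   Prefix of the accept rule's resource title.
#   NOTE(review): presumably nftables::rule derives the chain from the title;
#   confirm in nftables::rule.
# @param iif
#   Optional input interface. When set, both rules start with `iifname <iif> `.
# @param proto
#   Layer-4 protocol keyword placed before `dport` in both rules.
# @param dport
#   Port on $daddr to translate to. When empty, the port is left unchanged
#   (`dnat to <daddr>`) and the accept rule matches $port instead.
# @param ensure
#   Passed as `ensure` to both rules.
define nftables::rules::dnat4 (
  # The patterns use \A and \z rather than ^ and $: Puppet regexes are Ruby
  # regexes, where ^ and $ match at every line break, so a multi-line value
  # with one valid line would pass and be written into the rule text.
  # Octets are limited to 0-255; the earlier pattern also let 256-299 through.
  Pattern[/\A(25[0-5]|2[0-4]\d|1\d\d|\d{1,2})(\.(25[0-5]|2[0-4]\d|1\d\d|\d{1,2})){3}\z/]
  $daddr,
  Variant[String,Integer[1,65535]]
  $port,
  Pattern[/\A[a-zA-Z0-9_]+\z/]
  $rulename = $title,
  Pattern[/\A\d\d\z/]
  $order = '50',
  String[1]
  $chain = 'default_fwd',
  Optional[String[1]]
  $iif = undef,
  Enum['tcp','udp']
  $proto = 'tcp',
  Optional[Variant[String,Integer[1,65535]]]
  $dport = '',
  Enum['present','absent']
  $ensure = 'present',
) {
  # Optional interface match, with a trailing space so it can prefix the rule.
  $iifname = $iif ? {
    undef   => '',
    default => "iifname ${iif} ",
  }

  # The forward chain sees the packet after translation, so it must match the
  # translated port when one is given and the original port otherwise.
  $filter_port = $dport ? {
    ''      => $port,
    default => $dport,
  }

  # ":<port>" suffix for the dnat target; empty keeps the original port.
  $nat_port = $dport ? {
    ''      => '',
    default => ":${dport}",
  }

  nftables::rule {
    default:
      ensure => $ensure,
      order  => $order;
    # Accept rule for the translated traffic; no table is set here, so
    # nftables::rule's own default applies.
    "${chain}-${rulename}":
      content => "${iifname}ip daddr ${daddr} ${proto} dport ${filter_port} accept";
    # Destination NAT rule in the ip-nat table.
    "PREROUTING-${rulename}":
      table   => 'ip-nat',
      content => "${iifname}${proto} dport ${port} dnat to ${daddr}${nat_port}";
  }
}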